VMUG.IT Meeting, Cremona – 10 June 2017
Container and Cloud Native Application
What is VMware doing in this space?
Giuseppe Guglielmetti - @gguglie
Who I am
§ Giuseppe Guglielmetti
• Cloud and Storage Architect, VCP
• vExpert 2011-2017, EMC Elect 2015
• @gguglie - it.linkedin.com/in/giuseppeguglielmetti
What is a container?
What is a container
§ An application run-time environment
§ Groups and isolates a set of processes and resources
• Memory, CPU, disk, etc.
§ Shares the common kernel of the host operating system
• Can also share the same binaries and libraries, where appropriate
§ Very fast to start
§ Lightweight
• No guest OS required per container
§ Sometimes referred to as “container virtualization” or “OS-level virtualization”
Container vs VM
Figure: containers versus VMs. Left: Server → Host OS → containers running AppA, AppA’ and AppB directly on the host kernel. Right: Server → Hypervisor → one Guest OS per VM, each VM running AppA, AppA’ or AppB.
What is Docker?
Docker
§ Docker the Company
• Was previously a PaaS (dotCloud)
• Became Docker in 2013
• Developed the Docker Engine in-house
• Open sourced Docker Engine
• “Guardians” of Docker Engine
§ Docker the Project
• Docker Engine to build, ship, and run containers
• Open source, written in Go (GoLang)
• Community owned
• Container engine/daemon/runtime
• Now called the Moby project
Docker and Developers
§ Developers love Docker for its frictionless deployment and portability, which makes DevOps easier
On a developer’s laptop:
# docker build -t my_app .
# docker push my_app
Then on a production server:
# docker pull my_app
# docker run my_app
Container Lifecycle
Figure: the container lifecycle as a sequence: build → push → pull → run → start → stop
Docker is also…
§ Docker Compose: orchestration of multi-container applications
§ Docker Hub: registry for storing container images, which could be OS images (Debian, Ubuntu, etc.) or software images (MongoDB, Nginx, etc.)
§ Clustering and scheduling
What is VMware doing in this space?
§ Docker Volume Service
§ Kubernetes on vSphere
§ vSphere Integrated Containers
Problem #1
§ Your developers want to use containers
§ As a vSphere Admin, you can offer VMs on vSphere to run containers
§ But...
• The developers also want persistent, stateful storage for their container data… how do I persist data in containers?
• Docker tells us that containers are stateless – fire up the container, do some work, throw it away, i.e. don’t persist anything!
§ What are my options as a vSphere Admin?
vSphere Docker Volume Service
https://vmware.github.io/docker-volume-vsphere/
Enterprise grade high performance storage and data services for containers
Figure: a Docker Swarm/Datacenter of VMs (Photon Machines), each running the vSphere Volume Driver, on vSphere managed by vCenter, with container volumes stored on a persistent datastore.
• Designed to meet the needs of Enterprise IT and application developers
• Use any VMware supported enterprise class storage backed by vSAN, VMFS and NFS
• Supports policy based management
• Open source and free
• Benefits:
• Simple install: a VIB on ESXi and a Docker plugin on the VM
• Zero configuration
• 100% Docker compatible & certified (API, CLI, Swa…)
• Status: open source and free, Docker Certified, currently beta; GA coming soon
Problem #2
§ Your developers are now using containers in VMs on vSphere with persistent storage
§ But...
• They are pushing/pulling images to an external Docker hub/repo
§ This means...
• It is slow – an internal repo is faster
• It is insecure – my company’s intellectual property is going outside of the DC
• How is it protected? Is the repo “highly available” or not?
§ Now management wants you to solve this, especially the ‘intellectual property’ issue.
§ What are my options as a vSphere Admin?
Harbor
§ Enterprise-class registry server for Docker images
§ Adds management, auditing, security, performance, identity and access control
§ Improves transfer times
• registry is closer to the build/run environment
§ Intellectual property remains inside the company firewall
§ As a vSphere Admin, you have control over who can push/pull images
§ Supports multiple registries for image replication
https://github.com/vmware/harbor
Standard docker registry (docker hub)
Figure: the container lifecycle (build → push → pull → run → start → stop) against the standard Docker Hub registry
Harbor registry
Problem #3
§ Your developers are now using containers in VMs on vSphere with Harbor
§ But...
• What are they doing in the containers?
• How much compute are the containers consuming?
• How much storage are the containers consuming?
• Which networks are they communicating on?
• What ports are opened?
§ How can I manage containers in production / day 2 operations?
• Monitor/Manage/Backup/Recover/Security/Auditing
§ What are my options as a vSphere Admin?
vSphere Integrated Containers
§ VIC was announced with vSphere 6.5 and support is included with vSphere 6.0 and 6.5, Enterprise Plus edition.
§ For Devs: Docker API endpoint without Docker (there is no Docker here)
§ For Ops: containers running as VMs in vSphere
§ App team and IT team now use the same abstraction
§ VIC (through vSphere) provides visibility into resource management, networking, and persistent storage of “containers”.
§ Security and auditing practices used for VMs can now be applied to “containers as VMs”.
https://github.com/vmware/vic
vSphere Integrated Containers
Developers and Operators use the same abstraction
vSphere Integrated Containers
Deployment
§ Deploy the vSphere Integrated Containers (VIC) OVA
§ Download the vic-machine binaries (for Linux, Windows and Mac) from the VIC OVA
§ Use vic-machine to create a VCH (Virtual Container Host), the Docker API endpoint
§ The Docker API endpoint is used by developers to create containers (as VMs)
§ Point a browser at the VIC OVA to access:
• Harbor (for registry – storing images)
• Admiral (for management/orchestration – deploying containers)
§ As far as a developer is concerned, this is Docker
§ Admin/Ops have full visibility of the container as a VM
Problem #4
§ Your developers are now using vSphere Integrated Containers
§ But...
• They want some sort of orchestration for deploying containers with vSphere Integrated Containers
• They’d like to be able to use a local repository for the container images
§ What are my options as a vSphere Admin?
Harbor + Admiral + vSphere Integrated Containers
§ Harbor for secure registry
• Included with VIC
§ Admiral for orchestration
• Can be pointed at a VIC container host (VCH) for rolling out containers
Problem #5
§ Developers have asked to deploy Kubernetes on my vSphere infrastructure
§ But...
• What is Kubernetes?
§ Kubernetes, from Google, is a popular "platform for automating deployment, scaling, and operations of application containers across clusters of hosts".
§ What are my options as a vSphere Admin?
Kubernetes deployed natively on vSphere
§ Available since Kubernetes 1.4.8 via native kubernetes-anywhere
§ Just download Kubernetes (which includes the vSphere Cloud Provider for Kubernetes)
§ It asks about your vSphere infrastructure and then “make config”
§ Auto-deploys VMs, and associated containers, to bring up Kubernetes
Problem #6
§ You have lots of developers, all working on different projects using containers.
§ I need multi-tenancy because:
• Some teams want Kubernetes to develop container based apps
• Others want Mesos+Marathon (from Apache) for cluster/orchestration
• Others want Docker Swarm (from Docker) for clustering
§ I may potentially need to scale to 100s to 1000s of ESXi hosts if some of these projects are successful!
§ What options can VMware give me?
Photon Controller / Photon Platform
§ No vSphere/vCenter in this model. Focus on greenfield sites where the requirement is to deploy “container only” application(s).
§ Deploy a hypervisor (Photon Machine, aka ESXi)
§ Deploy a hypervisor control plane (Photon Controller)
§ Instantiate one or more VMs as container hosts, e.g. Docker Swarm (Photon OS)
§ Run containers inside that container host
§ Container management and orchestration is out of scope for the Photon technologies. It is intended to be a platform for container orchestration systems.
Photon Platform is the brand name that includes the ESXi and Photon Controller technologies.
Photon Platform - Architecture
Problem #7
§ I now have Photon Platform deployed, lots and lots of ESXi hosts, but no vCenter Server.
§ Developers are using Kubernetes, Mesos and Docker Swarm.
§ But...
• I need to provide a highly available, policy driven, persistent storage solution for all of these frameworks
§ What options can VMware give me?
vSAN for Photon Platform v1.2
vSAN – Hyper Convergence for Cloud Native Apps
Figure: vSAN for cloud native apps. Left: Photon Platform primary cluster (Photon vSAN) with cluster managers and VMs. Right: vSphere primary cluster (vSphere vSAN) with vCenter Server and VIC.
Some links
§ Cormac Hogan’s blog: http://cormachogan.com/
• Lots of information about the VMware approach to CNA
• http://cormachogan.com/cna/
• Main source for this presentation: thanks Cormac!
§ VMware Cloud Native Apps blog: https://blogs.vmware.com/cloudnative/
§ VMware Open Source Project: http://vmware.github.io/
§ Getting Started with Kubernetes on vSphere: https://kubernetes.io/docs/getting-started-guides/vsphere/
Thank you!
#VMUGIT
@VMUGIT
